|
Home > Archive > Microsoft Content Management Server > June 2007 > MCMS security
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| Hi,
We have a customer currently running their intranet on MCMS 2002. They want
to post confidential information on to the site but need to know whether MCMS
will keep the data secure. The intent is to set up a channel and set
permissions so that only a certain rights groups can edit/view the postings.
Due to privacy laws etc we need to be certain that this information cannot
be accessed by unauthorised people (the customer is a hospital and they want
to put confidential patient information into MCMS). I don't know enough about
security to advise whether they should be doing this or not. Is MCMS security
strong enough that we can say to the customer that the info will be safe? I
realise that it is likely there is more to it than simply securing MCMS. If
MCMS is a suitable tool for the job then are there any resources that
describe waht needs to be considered and what needs to be done to achieve
what our customer wants?
Thanks in advance,
Sean
| |
| Stefan Goßner [MSFT] 2007-06-11, 7:17 am |
| Hi Sean,
MCMS uses windows credentials for authentication and authorization.
As long as the rights groups are setup correctly (means only correct peoples
and groups are assigned to the channels) MCMS will keep the content secure.
Especially be sure not to assign a group holding the MCMS guest account (if
guest is enabled) to those channels.
Cheers,
Stefan
"Sean" <Sean@discussions.microsoft.com> wrote in message
news:D63B9EF8-36B0-49C0-AE41-58EFE0F3AFA7@microsoft.com...
> Hi,
>
> We have a customer currently running their intranet on MCMS 2002. They
> want
> to post confidential information on to the site but need to know whether
> MCMS
> will keep the data secure. The intent is to set up a channel and set
> permissions so that only a certain rights groups can edit/view the
> postings.
>
> Due to privacy laws etc we need to be certain that this information cannot
> be accessed by unauthorised people (the customer is a hospital and they
> want
> to put confidential patient information into MCMS). I don't know enough
> about
> security to advise whether they should be doing this or not. Is MCMS
> security
> strong enough that we can say to the customer that the info will be safe?
> I
> realise that it is likely there is more to it than simply securing MCMS.
> If
> MCMS is a suitable tool for the job then are there any resources that
> describe waht needs to be considered and what needs to be done to achieve
> what our customer wants?
>
> Thanks in advance,
> Sean
>
|
|
|
|
|